Topic: Browser XSS Protection

I'm getting this error in the console...
The XSS Auditor refused to execute a script in 'https://mySSLsecuredWebsite.com/article' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
Is there a reason that a dynamic url //:linkToEmbed cannot be used to fit whatever protocol is used on a users site?

You need to be Signed In to add a comment. (Are you new? Sign Up for a free account.)